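/**
 * Newsletter Routes
 * Public subscription management and admin endpoints.
 *
 * Middleware order is deliberate on every public write: the rate limiter
 * runs first so throttled requests are rejected before any validation or
 * CSRF work, then CSRF, then input validation, then the controller.
 */
const express = require('express');
const router = express.Router();
const newsletterController = require('../controllers/newsletter.controller');
const { authenticateToken, requireRole } = require('../middleware/auth.middleware');
const { validateRequired } = require('../middleware/validation.middleware');
const { asyncHandler } = require('../middleware/error.middleware');
const { createInputValidationMiddleware } = require('../middleware/input-validation.middleware');
const { formRateLimiter } = require('../middleware/rate-limit.middleware');
const { csrfProtection } = require('../middleware/csrf-protection.middleware');

/**
 * Public Routes
 */

// Validation schema for newsletter subscription.
// 254 is the maximum length of an email address on the wire (RFC 5321);
// the `name` type is project-defined in input-validation.middleware.
const newsletterSubscribeSchema = {
  email: { required: true, type: 'email', maxLength: 254 },
  name: { required: false, type: 'name', maxLength: 100 },
};

// POST /api/newsletter/subscribe - Subscribe to newsletter
router.post(
  '/subscribe',
  formRateLimiter, // 5 requests per minute
  csrfProtection, // CSRF validation
  createInputValidationMiddleware(newsletterSubscribeSchema),
  validateRequired(['email']),
  asyncHandler(newsletterController.subscribe)
);

// GET /api/newsletter/verify/:token - Verify email subscription
// Rate limited so the verification token cannot be guessed online at
// request speed; token lookup, expiry and constant-time comparison are the
// controller's responsibility and are not visible from this file.
router.get(
  '/verify/:token',
  formRateLimiter,
  asyncHandler(newsletterController.verify)
);

// POST /api/newsletter/unsubscribe - Unsubscribe from newsletter
// Rate limited like the other public writes. CSRF is intentionally NOT
// applied: one-click unsubscribe (RFC 8058 List-Unsubscribe-Post) is a
// POST sent by mail clients that carry no site CSRF token.
// NOTE(review): this route validates nothing about the body; confirm the
// controller authorises the request (e.g. a signed per-subscriber token)
// rather than acting on a bare email address, otherwise anyone who knows an
// address can unsubscribe it.
router.post(
  '/unsubscribe',
  formRateLimiter,
  asyncHandler(newsletterController.unsubscribe)
);

// PUT /api/newsletter/preferences - Update subscription preferences
// Public and state-changing, so it gets the same rate limit and CSRF check
// as /subscribe.
// NOTE(review): validateRequired only checks that `email` is present — it
// is not format-checked here, and presence of an address is not proof of
// ownership. Confirm the controller requires a verification token before
// changing preferences.
router.put(
  '/preferences',
  formRateLimiter,
  csrfProtection,
  validateRequired(['email']),
  asyncHandler(newsletterController.updatePreferences)
);

/**
 * Admin Routes (require authentication)
 *
 * authenticateToken must run before requireRole on every route below so the
 * role check sees a populated principal. Read-only endpoints accept admin
 * or moderator; export and delete are admin-only.
 * NOTE(review): if authenticateToken reads its token from a cookie rather
 * than an Authorization header, the DELETE route below also needs
 * csrfProtection — confirm against auth.middleware.
 */

// GET /api/newsletter/admin/stats - Get newsletter statistics
router.get(
  '/admin/stats',
  authenticateToken,
  requireRole('admin', 'moderator'),
  asyncHandler(newsletterController.getStats)
);

// GET /api/newsletter/admin/subscriptions - List all subscriptions
router.get(
  '/admin/subscriptions',
  authenticateToken,
  requireRole('admin', 'moderator'),
  asyncHandler(newsletterController.listSubscriptions)
);

// GET /api/newsletter/admin/export - Export subscriptions as CSV
// Admin-only: the export contains every subscriber's PII. Subscriber-supplied
// fields (name, email) end up in CSV cells, so the controller must neutralise
// formula-leading characters (= + - @) to avoid CSV injection in spreadsheets.
router.get(
  '/admin/export',
  authenticateToken,
  requireRole('admin'),
  asyncHandler(newsletterController.exportSubscriptions)
);

// DELETE /api/newsletter/admin/subscriptions/:id - Delete subscription
// NOTE(review): `:id` is passed through unvalidated; the controller should
// reject malformed ids before querying the store.
router.delete(
  '/admin/subscriptions/:id',
  authenticateToken,
  requireRole('admin'),
  asyncHandler(newsletterController.deleteSubscription)
);

module.exports = router;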